Risk and Compliance Solicitor (Data Protection)

Location: United Kingdom
Office: Norwich, Cambridge, Birmingham
Discipline: Risk & Compliance
Contact name: Ben Porter

Contact email: ben.porter@mills-reeve.com
Contact phone: 07587481088
Vacancy reference: 018789
Closing date: 28 February 2023
Start date: 22 November 2022 - 22 November 2022

A full-time permanent role based ideally in Birmingham, Cambridge or Norwich, but other locations would be considered. This role will be considered on a part-time basis.


The role

Reporting on a day-to-day basis (that includes both pastoral care and performance reviews) to the firm’s Head of Best Practice, who holds the roles of Compliance Officer for Legal Practice (COLP) and Chief Information Security Officer (CISO), this role is part of the Risk & Compliance team (R&C), given R&C’s responsibilities in relation to the management of operational risk generally within the firm.  With support from the COLP/CISO and R&C, the role will lead on promoting a culture of data privacy, protection and compliance and embedding best practices across the organisation. 


This role will also take overall responsibility for:

  • providing advice and risk management expertise across a wide spectrum of data protection and privacy matters including our privacy notices, data collection and sharing processes, PECR compliance and the firm’s supplier, client and third-party agreements (including IDTAs for data transfers where required);

  • maintaining data protection and privacy policies, procedures, processes and controls; and

  • ensuring that the organisation complies with the relevant law and regulations and deals with data subject rights’ requests, challenges from outside and personal data breaches.

The person

This is a busy and challenging role and, to be successful, the position requires someone who is/has:

  • a qualified solicitor, ideally specialising in data protection, information legislation or other relevant area;

  • experience in a similar role in data protection and privacy legislation, coupled with demonstrable experience of managing compliance in these areas;

  • educated to degree level or has equivalent level qualifications;

  • committed to continued professional development, and has a willingness to keep up to date;

  • strong written and verbal communication skills;

  • IT literacy and accuracy in record keeping;

  • experience of working and engaging with a variety of senior staff.

The post holder must be able to demonstrate excellent communication and interpersonal skills at all times, and be able to build and maintain good working relationships with all stakeholders including the following:

  • Director of Risk Management and the Risk & Compliance team;

  • Director of Marketing and the Marketing and Communications team;


  • Board; and

  • Information Security Forum.

Additional personal attributes will include:

  • strong attention to detail;

  • a logical and systematic approach;

  • energy and enthusiasm;

  • a pleasant and outgoing approach;

  • being a team player;

  • flexibility in approach.

In addition, you will need to:

  • travel to the firm’s other offices;

  • be flexible and able to work longer hours as the role demands.

Key duties, responsibilities and accountabilities

  • Inform and advise the firm, its employees and Partners about their obligations to comply with data protection and privacy legislation including the UK GDPR.

  • Manage compliance with applicable laws, including managing internal data protection and privacy activities, such as review and update of privacy notices, maintenance of the record of processing activities, and responding to data subject rights requests.

  • Advise on data protection impact and transfer risk assessments, supplier or client contracts and due diligence information, marketing activities involving PECR compliance and data sharing, and the firm’s broader data and digital strategies.

  • Lead or commission appropriate data protection and privacy awareness, training and educational activities.

  • Be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, clients etc).

  • Input into the firm’s responses to client supplier assurance questionnaires, audits and bid/tender responses as they relate to data protection and privacy.

  • Supported by the Risk & Compliance Solicitors, take a proactive approach to managing information security incidents and/or personal data breaches, including leading investigations, identifying and monitoring corrective actions and lessons to be learnt.

  • Working closely with the ISO 9001 Internal Audit Manager, construct and maintain the firm’s internal audit programme including reporting outcomes and ensuring identified corrective actions relating to data protection and privacy are appropriately completed.

  • Undertake any other duties which may reasonably be required, commensurate with the role, bearing in mind the developing needs and demands of the firm.

Pre-employment screening

Please note that, in the event that we make an offer of employment, we will conduct pre-employment screening that includes checks relating to your professional and academic qualifications, references from previous employers, your eligibility to work in the UK and any disciplinary history recorded with the Solicitors Regulation Authority (SRA). You will also be required to complete a self-declaration to assess your character and suitability.


Disclosure and barring service check

This post is also subject to a satisfactory response from the Disclosure and Barring Service (DBS) to check for any previous criminal convictions.


The Mills & Reeve Business Services career structure

We have a firm-wide Business Services career structure and a published career progression framework. Within the firm-wide career structure there are five career levels. For the purposes of the framework, this role is at Manager level and the role profile that details the outcomes and activities expected across the firm is included with this job description. Further information on the firm’s Business Services career structure is available from the HR team.


The package

As you would expect, the firm offers a generous salary and benefits.  The firm’s standard benefits are detailed in the following link:



The firm

What really sets Mills & Reeve apart from other law firms is the way we work with our clients. We understand that clients, in the 21st century, no longer want a traditional law firm – they want one that embraces forward thinking approaches to service, billing, commercial know-how, innovation, people management and community engagement.


Why not find out more about what it’s like to work at Mills & Reeve by taking two minutes to watch our video?



And finally

Mills & Reeve is committed to providing an inclusive and supportive working environment. We are happy to consider flexible working arrangements and endeavour to achieve the right balance for both our people and the business. This attitude to flexible working ensures we continue to provide outstanding service to our clients, whilst allowing our people to develop their careers in the knowledge that personal priorities will remain just that.


Mills & Reeve is committed to promoting equality, diversity and to providing an inclusive and supportive environment. Please click the link below to find further information regarding our diversity policy.



